ScanSAT: Unlocking Static and Dynamic Scan Obfuscation

Lilas Alrahis, Muhammad Yasin, Nimisha Limaye, Hani Saleh, Baker Mohammad, Mahmoud Al-Qutayri, Ozgur Sinanoglu

Research output: Contribution to journalArticlepeer-review


While financially advantageous, outsourcing key steps, such as testing, to potentially untrusted Outsourced Assembly and Test (OSAT) companies may pose a risk of compromising on-chip assets. Obfuscation of scan chains is a technique that hides the actual scan data from the untrusted testers; logic inserted between the scan cells, driven by a secret key, hides the transformation functions that map the scan-in stimulus (scan-out response) and the delivered scan pattern (captured response). While static scan obfuscation utilizes the same secret key, and thus, the same secret transformation functions throughout the lifetime of the chip, dynamic scan obfuscation updates the key periodically. In this paper, we propose ScanSAT: an attack that transforms a scan obfuscated circuit to its logic-locked version and applies the Boolean satisfiability (SAT) based attack, thereby extracting the secret key. We implement our attack, apply on representative scan obfuscation techniques, and show that ScanSAT can break both static and dynamic scan obfuscation schemes with 100 percent success rate. Moreover, ScanSAT is effective even for large key sizes and in the presence of scan compression.

Original languageEnglish (US)
Pages (from-to)1867-1882
Number of pages16
JournalIEEE Transactions on Emerging Topics in Computing
Issue number4
StatePublished - Sep 13 2019


  • logic locking
  • Obfuscated scan chains
  • SAT attack
  • scan locking
  • scan obfuscation
  • Companies
  • Logic gates
  • Outsourcing
  • IP networks
  • Integrated circuit modeling
  • Testing

ASJC Scopus subject areas

  • Computer Science (miscellaneous)
  • Information Systems
  • Human-Computer Interaction
  • Computer Science Applications


Dive into the research topics of 'ScanSAT: Unlocking Static and Dynamic Scan Obfuscation'. Together they form a unique fingerprint.

Cite this